Skip to content

Release Notes - 2.52.0📜

Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.30.3 (RKE2).

Upgrade Notices📜

Big Bang 3.0 is scheduled for release on June 13, 2025📜

Check out some of the epics and issues making it into this release, or read in greater depth about the Operatorless Istio Migration on our blog. Register to attend our next briefing, scheduled for Thursday 5 June 2025 at 1300 CT!

Coming soon: Watch the recording of our latest ‘Opening the Vault’ information session for more information about Big Bang 3.0

Please e-mail aflcmc.hncx.platformonebigbang@us.af.mil if you would like to be added to our Big Bang Distro List for the latest Big Bang BBTOC, Immersion Series, and e-mail updates

Version 2.54, releasing on May 30, 2025, will be the last update in the 2.x series and will reach end-of-life (EOL) upon the release of Big Bang 3.0

  • Istiod - MR:

    • Additional Envoy Filters📜

    • Big Bang’s istiod package (a component of operatorless istio) now supports the deployment of additional EnvoyFilter resources via values overlays:

      istiod:
        values:
        additionalEnvoyFilters:
          - name: hello-world
            labels: # optional
              hello: world
            annotations: # optional
              hello/world: "true"
            spec:
              configPatches:
                - applyTo: HTTP_FILTER
                  match:
                    context: SIDECAR_INBOUND
                    listener:
                      filterChain:
                        filter:
                          name: envoy.filters.network.http_connection_manager
                          subFilter:
                            name: envoy.filters.http.router
                  patch:
                    operation: INSERT_BEFORE
                    value:
                      name: envoy.filters.http.lua.hello-world
                      typed_config:
                        "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
                        inlineCode: |
                          function envoy_on_response(response_handle)
                            response_handle:headers():add("x-hello", "world")
                          end
      

    • NOTE: Any EnvoyFilter resources applied via this method will be deployed to the istio-system namespace.

  • Backstage - MR:

    • New package - Beta - Backstage:
    • Backstage, the popular developer portal framework, is now available as a Beta release addon for big bang. It currently supports several core packages of big bang as an enabled component resource. This includes base bigbang kubernetes resources information, istio, kiali, monitoring, kyverno, and logging, with plans to include other core and addon packages in the near future as dynamic components for big bang users. See backstage package architecture for information on backstage within bigbang. See P1 backstage chart for details and documentation regarding backstage configuration.
  • Nexus - MR:
    • As of version 3.77.0, the free edition of Nexus Repository is now called Sonatype Nexus Repository Community Edition.

    • Ref: https://help.sonatype.com/en/sonatype-nexus-repository-3-77-0-release-notes.html#sonatype-nexus-repository-oss-is-now-community-edition
    • The transition to community edition comes with additional usage limitations. Big Bang consumers are encouraged to review their usage of this project and determine if their usage still falls within the community edition usage limits.

Upgrades from previous releases📜

If coming from a version pre-2.51.1, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.51.1.

Packages📜

Package Type Package Version BB Version
Alloy Addon 1.7.1 2.0.23-bb.0
Anchore Enterprise Addon 5.16.0 3.6.0-bb.1
Updated Argocd Addon 2.14.10 7.8.26-bb.0 🔗
Authservice Addon 1.0.4 1.0.4-bb.2
New Backstage Addon 1.0.4 2.5.1-bb.0
Updated Bbctl BETA Core N / A 1.0.0-bb.4 🔗
Cluster Auditor Core 0.0.7 1.5.0-bb.25
Updated Eck Operator Core 3.0.0 3.0.0-bb.0 🔗
Updated Elasticsearch Kibana Core Kibana 8.17.4 Elasticsearch 8.17.4 1.28.0-bb.5 🔗
External Secrets Addon 0.15.1 0.15.1-bb.0
Fluentbit Core 3.2.9 0.48.9-bb.0
Fortify Addon 24.4.2.0009 1.1.2320154-bb.24
Gatekeeper Core 3.18.2 3.18.2-bb.5
Updated Gitlab Addon 17.10.4 8.10.4-bb.0 🔗
Gitlab Runner Addon 17.10.0 0.75.1-bb.0
Updated Grafana Core 11.6.0 8.12.1-bb.0 🔗
Haproxy Addon 2.2.33 1.19.3-bb.10
Harbor Addon 2.11.0 1.16.2-bb.4
Istio Controlplane Core Istio 1.23.6 Tetrate Istio Distro 1.23.6 1.23.6-bb.0
Updated Istio Crds BETA Core 1.25.2 1.25.2-bb.0 🔗
Updated Istio Gateway BETA Core 1.25.2 1.25.2-bb.1 🔗
Istio Operator Core Istio Operator 1.23.6 Tetrate Istio Distro Operator 1.23.6 1.23.6-bb.0
Updated Istiod BETA Core 1.25.2 1.25.2-bb.2 🔗
Updated Jaeger Core 1.62.0 2.57.0-bb.8 🔗
Keycloak Addon 26.1.4 7.0.1-bb.0
Kiali Core 2.8.0 2.8.0-bb.0
Kyverno Core 1.13.4 3.3.6-bb.1
Updated Kyverno Policies Core 3.3.4 3.3.4-bb.8 🔗
Kyverno Reporter Core 3.0.3 3.0.3-bb.1
Updated Loki Core 3.4.3 6.29.0-bb.0 🔗
Updated Mattermost Addon 10.6.1 10.6.1-bb.5 🔗
Mattermost Operator Addon 1.22.1 1.22.1-bb.2
Metrics Server Addon 0.7.2 3.12.2-bb.3
Updated Mimir BETA Addon '2.16.0' 5.7.0-bb.0 🔗
Updated Minio Addon RELEASE.2025-04-03T14-56-28Z 7.0.1-bb.0 🔗
Updated Minio Operator Addon 7.1.1 7.1.1-bb.0 🔗
Updated Monitoring Core Prometheus 3.2.1 Grafana 11.6.0 Alertmanager 0.28.1 70.7.0-bb.0 🔗
Neuvector Core 5.4.1 2.8.3-bb.1
Updated Nexus Addon 3.79.0-09 79.0.0-bb.0 🔗
Promtail Core 3.4.3 6.16.6-bb.3
Sonarqube Addon 10.7.0-community 10.7.0-bb.1
Tempo Core Tempo 2.7.2 Tempo Query 2.7.2 1.20.0-bb.0
Updated Thanos Addon 0.38.0 16.0.2-bb.0 🔗
Updated Twistlock Core 34.00.141 0.20.1-bb.0 🔗
Updated Vault Addon 1.19.2 0.30.0-bb.1 🔗
Velero Addon 1.15.2 8.7.1-bb.0
Wrapper Core 0.4.14 0.4.14

Changes in 2.52.0📜

Big Bang MRs📜

  • !6046: Resolve “Update Minimum Hardware Requirements Spreadsheet to include Metrics-Server”

Argocd📜

  • !6174: argocd update to 7.8.26-bb.0
# Changelog Updates

## [7.8.26-bb.0] - 2025-04-17
### Changed
- registry1.dso.mil/ironbank/big-bang/argocd v2.14.9 -> v2.14.10
- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.69.0 -> v1.70.0
- registry1.dso.mil/ironbank/opensource/dexidp/dex v2.41.1 -> v2.42.0
- Update redis chart 20.11.4-bb.1 -> 20.13.0-bb.0

## [7.8.23-bb.2] - 2025-04-15
### Changed
- Updated labels for cypress tests to avoid conflict

Bbctl📜

  • !6147: bbctl update to 1.0.0-bb.4
# Changelog Updates

## [1.0.0-bb.4] - 2025-04-10
### Changed
- gluon - patch - 0.5.14 -> 0.5.15

## [1.0.0-bb.3] - 2025-04-08
### Changed
- Enable the standard pipelines for packages

Eck Operator📜

  • !6150: eckOperator update to 3.0.0-bb.0
# Changelog Updates

## [3.0.0-bb.0] - 2025-04-16
### Changed
- eck-operator updated from 2.16.1 to 3.0.0

Elasticsearch Kibana📜

  • !6140: elasticsearchKibana update to 1.28.0-bb.5
  • !6114: elasticsearchKibana update to 1.28.0-bb.4
# Changelog Updates

## [1.28.0-bb.5] - 2025-04-18
### Changed
- Added imagePullSecrets to be empty and it will use the default

## [1.28.0-bb.4] - 2025-04-14
### Changed
- gluon updated from 0.5.14 to 0.5.15
- ironbank/opensource/kubernetes/kubectl updated from v1.30.11 to v1.32.3
- prometheus-elasticsearch-exporter chart updated from 6.6.1 to 6.7.2

Gitlab📜

  • !6130: gitlab update to 8.10.4-bb.0
# Changelog Updates

## [8.10.4-bb.0] - 2025-04-12
### Changed
- ironbank/gitlab/gitlab/gitlab-webservice 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.10.1 -> 17.10.4

Grafana📜

  • !6163: grafana update to 8.12.1-bb.0
# Changelog Updates

## [8.12.1-bb.0] - 2025-04-18
### Changed
- gluon updated from 0.5.14 to 0.5.15
- grafana chart updated from 8.11.0 to 8.12.1

Istio Crds📜

  • !6154: istioCRDs update to 1.25.2-bb.0
# Changelog Updates

## [1.25.2-bb.0] - 2025-04-17
### Added
- Updated for upstream 1.25.2

Istio Gateway📜

  • !6153: istioGateway update to 1.25.2-bb.1
# Changelog Updates

## [1.25.2-bb.1] - 2025-04-22
### Changed
- Updated chart meta and added annotations

## [1.25.2-bb.0] - 2025-04-18
### Changed
- Updated for upstream 1.25.2

Istiod📜

  • !6186: istiod update to 1.25.2-bb.2
  • !6176: istiod update to 1.25.2-bb.1
  • !6164: Adds missing Traces templating to Istiod (Operator-less) package
  • !6155: istiod update to 1.25.2-bb.0
# Changelog Updates

## [1.25.2-bb.2] - 2025-04-30
### Added
- Added a `NetworkPolicy` that allows istiod access to the Kubernetes API

## [1.25.2-bb.1] - 2025-04-29
### Added
- Added option for passing in `EnvoyFilter` resources via `additionalEnvoyFilters`

### Changed
- Renamed `network-policies/additional-network-policies.yaml` to `network-policies/additional.yaml` for consistency

## [1.25.2-bb.0] - 2025-04-17
### Changed
- Updated for upstream 1.25.2

Jaeger📜

  • !6115: jaeger update to 2.57.0-bb.8
# Changelog Updates

## [2.57.0-bb.8] - 2025-04-15
### Removed
- Removed kubectl image from chart.yaml and values, as its been included by gluon

### Updated
- gluon 0.5.14 -> 0.5.15
- jaegertracing/jaeger-collector 1.67.0 -> 1.68.0
- jaegertracing/jaeger-es-index-cleaner 1.67.0 -> 1.68.0
- jaegertracing/jaeger-ingester 1.67.0 -> 1.68.0
- jaegertracing/jaeger-query 1.67.0 -> 1.68.0

Kyverno Policies📜

  • !6085: kyverno-policies update to 3.3.4-bb.8
# Changelog Updates

## [3.3.4-bb.8] - 2025-04-11
### Changed
- Update Gatekeeper migration doc

## [3.3.4-bb.7] - 2025-04-04
### Changed
- Fix Gatekeeper migration docs that is inaccurate
- Updated Gluon from 0.5.14 -> 0.5.15
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl from v1.30.10 -> v1.32.3

Loki📜

  • !6159: loki update to 6.29.0-bb.0
# Changelog Updates

## [6.29.0-bb.0] - 2025-04-18
### Changed
- Updated `loki` from 3.4.2 -> 3.4.3
- Updated `loki-canary` from 3.4.2 -> 3.4.3
- Updated `grafana-enterprise-logs` from v3.4.1 -> v3.4.2
- Updated `enterprise-logs-provisioner` from 3.4.1 -> 3.4.2
- Updated `k8s-sidecar` from 1.30.0 -> 1.30.3
- Updated `kubectl` from v1.30.10 -> v1.32.3
- Updated `memcached` from 1.6.37 -> 1.6.38
- Updated `nginx` from 1.27.4 -> 1.27.5
- Updated `gluon` from 0.5.14 -> 0.5.15
- Updated `rollout-operator` from 0.23.0 -> 0.24.0

Mattermost📜

  • !6166: mattermost update to 10.6.1-bb.5
# Changelog Updates

## [10.6.1-bb.5] - 2025-03-28
### Changed
- Added registry1.dso.mil/ironbank/opensource/minio/operator-sidecar (source) v7.0.0 -> v7.0.1
- Updated minio-instance updated to 7.0.1-bb.0
- Updated registry1.dso.mil/ironbank/opensource/minio/minio (source) RELEASE.2025-01-20T14-49-07Z -> RELEASE.2025-04-03T14-56-28Z

Mimir📜

  • !6157: mimir update to 5.7.0-bb.0
# Changelog Updates

## [5.7.0-bb.0] - 2025-04-23
### Changed
- mimir-distributed updated from 5.6.0 to 5.7.0
- registry1.dso.mil/ironbank/opensource/grafana/mimir 2.15.1 -> 2.16.0
- registry1.dso.mil/ironbank/opensource/grafana/rollout-operator v0.24.0 -> v0.26.0
- registry1.dso.mil/ironbank/opensource/nginx/nginx 1.27.4 -> 1.27.5

Minio📜

  • !6142: minio update to 7.0.1-bb.0
# Changelog Updates

## [7.0.1-bb.0] - 2025-04-21
### Changed
- Updated ironbank/opensource/minio/minio (source) RELEASE.2025-01-20T14-49-07Z -> RELEASE.2025-04-03T14-56-28Z
- Updated minio-instance to 7.0.1
- Updated operator-sidecar to v7.0.1

Minio Operator📜

  • !6173: minioOperator update to 7.1.1-bb.0
  • !6078: minioOperator update to 7.0.1-bb.3
# Changelog Updates

## [7.1.1-bb.0] - 2025-04-22
### Changed
- registry1.dso.mil/ironbank/opensource/minio/operator v7.0.1 -> v7.1.1

## [7.0.1-bb.3] - 2025-04-10
### Changed
- Update registry1.dso.mil/ironbank/opensource/minio/operator-sidecar to v7.0.1

Monitoring📜

  • !6149: monitoring update to 70.7.0-bb.0
# Changelog Updates

## [70.7.0-bb.0] - 2025-04-19
### Changed
- grafana 8.11.4 -> 8.12.1
- kube-prometheus-stack 70.4.1 -> 70.7.0
- kube-state-metrics 5.31.2 -> 5.32.0
- prometheus-windows-exporter 0.9.2 -> 0.10.0
- quay.io/prometheus-operator/prometheus-config-reloader v0.81.0 -> v0.82.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.30.11 -> v1.32.3
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.81.0 -> v0.82.0
- registry1.dso.mil/ironbank/opensource/prometheus/node-exporter v1.9.0 -> v1.9.1
- registry1.dso.mil/ironbank/opensource/thanos/thanos v0.37.2 -> v0.38.0

Nexus📜

  • !6172: nexusRepositoryManager update to 79.0.0-bb.0
  • !6146: nexusRepositoryManager update to 77.1.0-bb.2
# Changelog Updates

## [79.0.0-bb.0] - 2025-04-23

### Changed

- Updated Gluon 0.5.12 -> 0.5.15
- ironbank/sonatype/nexus/nexus (source) 3.77.0-01 -> 3.79.0-09
- registry1.dso.mil/ironbank/sonatype/nexus/nexus (source) 3.77.0-01 -> 3.79.0-09

## [77.1.0-bb.2] - 2025-04-21

### Changed

- Updated `curl` in tests to use `-L` to correctly handle http-to-https redirection
- Added parameters to determine if in-cluster test calls should use TLS

Thanos📜

  • !6156: thanos update to 16.0.2-bb.0
# Changelog Updates

## [16.0.2-bb.0] - 2025-04-21
### Changed
- gluon updated from 0.5.14 to 0.5.15
- ironbank/opensource/thanos/thanos from v0.37.2 -> v0.38.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl from v1.30.10 -> v1.32.3
- registry1.dso.mil/ironbank/opensource/thanos/thanos from v0.37.2 -> v0.38.0
- thanos chart updated from 15.9.1 to 16.0.2

Twistlock📜

  • !6179: twistlock update to 0.20.1-bb.0
# Changelog Updates

## [0.20.1-bb.0] - 2025-04-30
### Changed
- gluon updated from 0.5.15 to 0.5.16
- kubectl updated from v1.30.11 to v1.32.4
- registry1.dso.mil/ironbank/twistlock/console/console updated from 34.00.137 to 34.00.141 (vendor hotfix for better IngressNightmare detection)
- registry1.dso.mil/ironbank/twistlock/defender/defender updated from 34.00.137 to 34.00.141 (vendor hotfix for better IngressNightmare detection)

Vault📜

  • !6151: vault update to 0.30.0-bb.1
# Changelog Updates

## [0.30.0-bb.1] - 2024-04-22
### Changed
- Updated ironbank/hashicorp/vault (source) 1.19.1 -> 1.19.2
- Updated registry1.dso.mil/ironbank/hashicorp/vault (source) 1.19.1 -> 1.19.2

Known Issues📜

  • Kyverno-Reporter - ISSUE
    • there is currently a bug within the prometheus Kyverno Reporter (serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0) target Workaround Steps
      • set both the default-istio-system and policy-reporter-default peerauthentication’s to PERMISSIVE
            kubectl edit peerauthentication default-istio-system -n istio-system
            kubectl edit peerauthentication policy-reporter-default -n kyverno-reporter
        
  • keycloak
    • keycloak may fail the upgrade. to resolve this, reconcile the helm release and then delete the pods within the keycloak namespace.
          flux reconcile hr -n bigbang keycloak --with-source --force
          kubectl delete pods -n keycloak
      
  • bbctl
    • Dashboards
      • CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Future📜

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.